Explore Latest Linux Security news

We found 3 articles for you...

GitHub Actions: Critical Risks from Misconfigured Workflow Triggers

You know how we always preach to secure everything: servers, processes, applications? It turns out that a lot of us missed a serious blind spot hiding in plain sight—CI/CD pipelines, particularly in how GitHub Actions workflows are configured. Sysdig’s Threat Research Team (TRT) recently dropped some eye-opening findings, uncovering dangerous vulnerabilities in workflows for major open-source projects like MITRE and Splunk. These issues aren’t just theoretical risks or something “future-you” can deal with. If you’re a Linux admin or developer involved in open-source projects, this is your nudge to take GitHub Actions security seriously—because bad actors already are.

The culprit? Misusing the pull_request_target trigger. It sounds innocent on paper—running workflows in the context of the base branch—but combine it with some lazy configurations, and you’re practically handing over your secrets and permissions to malicious actors. Let me break down exactly how the exploit works and why we need to address it yesterday.

The Problem: Misconfiguring pull_request_target Opens Dangerous Doors

Here’s the deal. GitHub Actions is a fan favorite for automating CI/CD pipelines, and it’s easy to see why. Integration with repos is smooth, flexible, and clean, eliminating manual grunt work. But flexibility comes at a cost if you don’t know what you’re doing—just ask Sysdig’s researchers.

The pull_request_target trigger does something deceptively risky: it runs workflows in the base branch context (like main) when processing pull requests from forks. That means it can access repository secrets and the high-privilege GITHUB_TOKEN by default. Here’s where things spiral: if your GitHub Actions workflow checks out code from a fork’s head.ref (essentially untrusted pull request code from contributors), it opens the door for an attacker. A crafty user can inject malicious payloads—editing files like setup.py (for Python packages) or requirements.txt—and in one sweep, nab sensitive credentials or even escalate privileges across the repository. Think about it; this isn’t a complex exploit. It’s a glaring weakness, and popular open-source repositories are already vulnerable.

Who’s a Sitting Duck?

Honestly, this affects a lot of folks. Open-source projects with contributors all over the globe? Yep, you’re in the crosshairs. High-profile repositories like MITRE’s Cyber Analytics Repository or Splunk’s security_content? Directly exposed. And here’s the gut-punch: many developers just don’t realize how dangerous the default high-privilege permissions tied to GITHUB_TOKEN really are. Combine that with the misuse of workflow triggers like pull_request_target, and you’ve got a recipe for repository-wide chaos. Even worse, this issue isn’t limited to the giants. Many smaller projects are equally at risk simply because workflow security isn’t a high priority (or maybe it’s not well-understood).

How Do You Fix This?

If reading this made you glance nervously at your own GitHub Actions configuration, you’re not alone. The good news? This isn’t rocket science to fix—it’s just a matter of being proactive and following smarter practices.

Stop Using pull_request_target Recklessly

Here’s the hard truth: if your workflows involve untrusted code (e.g., contributions from forks), avoid using pull_request_target. Instead, stick to pull_request for safety. Why? Unlike its dangerously convenient cousin, pull_request executes workflows against a pull request’s branch context, limiting exposure of secrets and privileged tokens. If you must use pull_request_target for some reason, block workflows from executing on untrusted foreign code. It’s better to inconvenience contributors a little than to jeopardize your whole repo.

Clamp Down on GITHUB_TOKEN Permissions

GitHub generously sets the GITHUB_TOKEN permissions high by default, which is a disaster waiting to happen. Adjust those privileges in your repo settings; make them read-only unless absolutely necessary. Better yet, use fine-grained personal access tokens for sensitive workflows where you need more control.

Rethink Secret Management

Here’s a tip: secrets don’t belong everywhere. Limit their scope to the specific workflows or jobs where they’re actually needed. If your repository secrets can be accessed globally, it’s time to rethink that setup. Apply the principle of least privilege like your job depends on it—because one day, it might.

Audit Regularly

When was the last time you actually audited your workflows? If the answer is “never,” now’s a good time to start. Look for dangerous patterns like automatic checkout of pull-request branches, and get yourself some help from security-focused tools. Open-source linters designed for GitHub Actions can flag insecure practices before they become leaks.

Train and Spread the Word

Let’s be honest: GitHub Actions security isn’t exactly everyone’s favorite lunchtime topic. So make it one. Hold internal sessions, show your devs how GITHUB_TOKEN permissions work, and teach them why certain triggers (like pull_request_target) are time bombs if misconfigured.

Wrapping It All Up

GitHub Actions is a great tool—until it isn’t. These workflows might not feel as major as your servers, but make no mistake, misconfigurations can lead directly to repository takeovers. And once sensitive credentials or secrets are exposed, it’s game over. The vulnerabilities discovered in repositories like MITRE and Splunk should be a wake-up call for all of us in the Linux and infosec community. This isn’t about being paranoid—it’s about being aware and acting before bad actors do. So if you haven’t already, start digging into your workflows and lock them down. It’s as much a part of your security stack as managing firewalls or deploying access controls. And the longer you wait, the closer attackers get to turning your CI/CD pipelines into their playground. Don’t give them that chance.

Summary: Misconfiguring the pull_request_target trigger leads to serious security risks in GitHub Actions workflows for open-source projects.
Tags: GitHub Actions, CI/CD Security, Open Source Risks, Workflow Vulnerabilities, Secure Configurations

Jun 19, 2025 | Brittany Day | Security Vulnerabilities
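The article's "Audit Regularly" advice boils down to spotting three things in a workflow file: a pull_request_target trigger, a checkout of the pull request's head ref or SHA, and a missing top-level permissions block for GITHUB_TOKEN. The script below is an added example written for this page (it is not from the article, from Sysdig, or from any GitHub tooling): a small Python audit heuristic that flags those patterns, run against two constructed sample workflows, one showing the risky combination the article describes and one showing the hardened form (plain pull_request trigger plus read-only permissions). It is line-oriented rather than a real YAML parser, so treat it as a quick triage aid, not a replacement for a dedicated linter; the step names such as actions/checkout@v4 are real, the workflows themselves are made up for the example.

```python
import re

# Constructed sample workflow for this example (not from the article).
# It reproduces the pattern described above: pull_request_target plus a
# checkout of the fork's head ref, so untrusted PR code runs with base-branch
# secrets and a privileged GITHUB_TOKEN.
RISKY_WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          repository: ${{ github.event.pull_request.head.repo.full_name }}
      - run: pip install -r requirements.txt && pytest
"""

# Constructed hardened form: the plain pull_request trigger (fork PRs get no
# secrets and a read-only token) and an explicit read-only permissions block.
SAFE_WORKFLOW = """\
name: ci
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pip install -r requirements.txt && pytest
"""

# Matches the trigger in its three YAML spellings:
#   on: pull_request_target
#   on: [push, pull_request_target]
#   on:
#     pull_request_target:
TRIGGER_RE = re.compile(
    r"^\s*(?:-\s*)?pull_request_target\s*:?\s*$"
    r"|^\s*on\s*:.*\bpull_request_target\b",
    re.MULTILINE,
)
# Any step that points at the pull request's head ref or head commit.
HEAD_REF_RE = re.compile(r"\bgithub\.event\.pull_request\.head\.(?:ref|sha)\b")
# Top-level (column 0) permissions block; job-level blocks are not
# recognised by this heuristic.
PERMISSIONS_RE = re.compile(r"^permissions\s*:", re.MULTILINE)


def audit_workflow(text):
    """Return a list of findings for one workflow file's text (heuristic)."""
    findings = []
    uses_target = bool(TRIGGER_RE.search(text))
    checks_out_head = bool(HEAD_REF_RE.search(text))
    if uses_target and checks_out_head:
        findings.append(
            "HIGH: pull_request_target runs with base-branch secrets and "
            "checks out the PR head; untrusted code can reach them"
        )
    elif uses_target:
        findings.append(
            "MEDIUM: pull_request_target exposes secrets to the job; make sure "
            "no code from the pull request is executed"
        )
    if not PERMISSIONS_RE.search(text):
        findings.append(
            "LOW: no top-level permissions block; GITHUB_TOKEN keeps the "
            "repository default scopes"
        )
    return findings


if __name__ == "__main__":
    for name, text in (("risky", RISKY_WORKFLOW), ("safe", SAFE_WORKFLOW)):
        print(name, audit_workflow(text) or ["no findings"])
```

Pointing audit_workflow at the contents of each file under .github/workflows/ gives a first pass over a repository; the HIGH finding is the exact combination the article calls out, while the MEDIUM finding covers the case where pull_request_target is used without checking out the PR head, which the article allows only if no untrusted code is executed.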

Exploit Risks of Misconfigured Azure Services in EmojiDeploy Attack Chain

Multiple misconfigurations in a service that underpins many Azure features could have allowed an attacker to remotely compromise a cloud user's system.

An attack chain exploiting misconfigurations and weak security controls in a common Azure service is highlighting how lack of visibility impacts the security of cloud platforms. The "EmojiDeploy" attack chain could allow a threat actor to run arbitrary code with the permission of the Web server, steal or delete sensitive data, and compromise a targeted application, Ermetic stated in its Jan. 19 advisory. An attacker could use a trio of security issues affecting the common Source Code Management (SCM) service — a cloud service used by many Azure applications without an explicit indication to the user, according to Ermetic. The issues demonstrate that the security of cloud platforms is undermined by the lack of visibility into what those platforms do under the hood, says Igal Gofman, head of research for Ermetic.

The link for this article located at DarkReading is no longer available.

Summary: A vulnerability pathway leveraging insufficient configurations and lax defenses in a widely used Azure platform could present significant threats.
Tags: AzureService, CloudSecurity, MisconfigurationRisk, AttackChain

Jan 26, 2023 | Brittany Day | Cloud Security

Exposed iSCSI Storage Clusters Present Major Data Breach Threats

Over 13,000 iSCSI storage clusters are currently accessible via the internet after their respective owners forgot to enable authentication.

This misconfiguration has the risk of causing serious harm to devices' owners, as cyber-criminal groups could access these internet-accessible hard drives (storage disk arrays and NAS devices) to replace legitimate files with malware, insert backdoors inside backups, or steal company information stored on the unprotected devices.

The link for this article located at ZDNet is no longer available.

Summary: More than 12,000 open SMB file shares can be found on the internet, posing a threat of unapproved access and possible information leaks.
Tags: iSCSI Access Risk, Storage Cluster Security, Internet Vulnerability

Apr 02, 2019 | LinuxSecurity.com Team | Privacy

Data Breach: 2.3 Million Mexican Patient Records Exposed via MongoDB

Highly sensitive data on over 2.3 million Mexican patients has been exposed via a misconfigured MongoDB installation.

Bob Diachenko, formerly of the Kromtech Security Center, made the discovery via a simple Shodan search last week and claimed in a post that the data was viewable and editable for anyone without a password.

The link for this article located at InfoSecurity is no longer available.

Tags: highly, sensitive, million, mexican, patients, exposed, misconfigured

Aug 08, 2018 | LinuxSecurity.com Team | Privacy

SSLyze v0.6: Analyze SSL Server Configurations Effectively

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.

The link for this article located at Darknet is no longer available.

Summary: SSLyze is a robust Python utility for assessing the security of SSL/TLS configurations on servers, revealing vulnerabilities and misconfigurations to enhance security.
Tags: SSLyze, Python Tool, Server Assessment, SSL Security, SSL Analysis

Apr 22, 2013 | LinuxSecurity.com Team | Cryptography

Apache: Internal Access Threat Due To Reverse Proxy Misconfiguration

A new reverse proxy issue affecting Apache HTTP server can be used by attackers to access internal systems if certain rules are improperly configured, a security researcher said.

Prutha Parikh, vulnerability signature engineer at Qualys, blogged that she uncovered the issue while creating a QualysGuard vulnerability signature for another reverse proxy issue, detailed in CVE-2011-3368. While reviewing the patch for the older bug, she discovered it was still possible to use a crafted request to exploit a fully-patched Apache Web Server.

The link for this article located at ThreatPost is no longer available.

Summary: A recently identified Nginx reverse proxy vulnerability may result in unauthorized internal network exposure owing to setup errors.
Tags: Apache Reverse Proxy, Misconfiguration Risks, Internal Access Threats

Nov 28, 2011 | LinuxSecurity.com Team | Hacks/Cracks

Critique of Microsoft Baseline Security Analyser for System Weaknesses

Microsoft released the Baseline Security Analyser (MBSA), a free tool which analyses Windows systems for common security misconfigurations, earlier this week. But users have already slammed it as just a GUI version of the software giant's HfNetChk.

Since the release last year of Microsoft's command line hot fix network security checker, administrators have clamoured for a release with more functionality. The only alternative to date is a paid-for tool called HFNetChkPro, developed by Microsoft and Shavlik Technologies, which costs $5,000 for a 250-desktop licence.

The link for this article located at vnunet is no longer available.

Summary: Microsoft introduced the Security Assessment Tool (MSAT), a complimentary application that evaluates Windows environments for potential security weaknesses.
Tags: Baseline Security Analyser, Windows security tool, system analysis

Apr 16, 2002 | LinuxSecurity.com Team | Vendors/Products

EarthLink Open Source Flaw: 81,000 Domains Exposed to Defacement

A one-two punch of poor security left up to 81,000 domains hosted by Internet service provider EarthLink Inc. open to defacement and exploitation for at least a week, ZDNet News learned on Tuesday. The vulnerability resulted from a recently discovered flaw in an open-source e-commerce package combined with a misconfigured hosting server operated by EarthLink (Nasdaq: ELNK) subsidiary MindSpring. As a result, files containing the encrypted passwords for 81,000 accounts were readable by any Web browser.

The link for this article located at ZDNet is no longer available.

Summary: Inadequate safeguards resulted in the exposure of 81,000 EarthLink websites, leaving them vulnerable to tampering and misuse for more than a week.
Tags: EarthLink Domain Flaw, Open Source Package Vulnerability, Misconfiguration Issues

Oct 17, 2000 | LinuxSecurity.com Team | Privacy